Log analysis and evaluation: Windows7: BSOD with error message 0x00000074

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.06.2015, 21:16 | #1 |
Windows7: BSOD with error message 0x00000074

Hello, unfortunately my laptop no longer boots properly. During startup, the black screen appears where you can choose "Start Windows normally" and another option. After selecting "Start normally", the BSOD appears after a while, with the error message 0x00000074. I have now started it in Safe Mode to get the log files, as follows:

FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by James (administrator) on JAMES-PC on 14-06-2015 13:03:39 Running from C:\Users\James\Downloads Loaded Profiles: James (Available Profiles: James) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Users\James\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-28] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-13] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-02-13] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\S-1-5-21-721324391-568460755-2307459731-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\S-1-5-21-721324391-568460755-2307459731-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-721324391-568460755-2307459731-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.) 
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-13] Chrome: ======= CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast SafePrice) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-06] CHR Extension: (Avast Online Security) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-04] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-05] CHR Extension: (Google Wallet) - 
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-14] (Advanced Micro Devices, Inc.) [File not signed] S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-14 13:03 - 2015-06-14 13:05 - 00012177 _____ C:\Users\James\Downloads\FRST.txt 2015-06-14 13:02 - 2015-06-14 13:03 - 00000000 ____D C:\FRST 2015-06-14 13:02 - 2015-06-14 13:02 - 02108928 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe 2015-06-14 13:01 - 2015-06-14 13:01 - 00000472 _____ C:\Users\James\Desktop\defogger_disable.log 2015-06-14 13:01 - 2015-06-14 13:01 - 00000000 _____ C:\Users\James\defogger_reenable 2015-06-14 13:00 - 2015-06-14 12:59 - 00050477 _____ C:\Users\James\Desktop\Defogger.exe 2015-06-14 12:59 - 2015-06-14 12:59 - 00050477 _____ C:\Users\James\Downloads\Defogger.exe 2015-06-14 10:31 - 2015-06-14 10:32 - 00269808 _____ C:\Windows\Minidump\061415-123209-01.dmp 2015-06-14 10:30 - 2015-06-14 10:30 - 131870192 _____ C:\Windows\MEMORY.DMP 2015-06-13 15:38 - 2015-06-14 10:31 - 00000000 ____D C:\Windows\Minidump 2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\Users\James\AppData\Roaming\Blender Foundation 2015-06-11 22:02 - 2015-06-11 23:12 - 00000000 ____D C:\Users\James\Downloads\Fiddelroom 2015-06-11 22:00 - 2015-06-11 22:00 - 67023692 _____ C:\Users\James\Downloads\DreamMotionTemplate17.blend 2015-06-11 21:58 - 2015-06-11 22:00 - 21732709 _____ C:\Users\James\Downloads\Fiddelroom.rar 2015-06-11 21:57 - 2015-06-11 22:00 - 70585180 _____ C:\Users\James\Downloads\intro template #3.blend 2015-06-11 21:57 - 2015-06-11 21:57 - 00000000 ____D C:\Program Files\Blender Foundation 2015-06-09 18:05 - 2015-06-09 18:05 - 00002131 _____ C:\Users\James\AppData\Local\recently-used.xbel 2015-06-09 18:01 - 2015-06-11 22:01 - 00000000 ____D C:\Users\James\.thumbnails 2015-06-09 17:51 - 2015-06-09 18:07 - 00000000 ____D C:\Users\James\.gimp-2.8 2015-06-09 17:51 - 2015-06-09 17:51 - 00000000 ____D C:\Users\James\AppData\Local\gegl-0.2 2015-06-09 17:49 - 2015-06-13 05:26 - 00000000 ____D C:\Program Files\GIMP 2 
2015-06-09 17:36 - 2015-06-09 17:59 - 00000000 ____D C:\Users\James\Desktop\Out 2015-06-09 14:46 - 2008-11-01 23:52 - 00049208 ____R C:\Users\James\Desktop\logo-paul.bmp 2015-06-09 14:16 - 2015-06-14 02:54 - 00000000 ____D C:\Users\James\Desktop\Games 2015-06-09 14:14 - 2015-06-14 02:54 - 00000000 ____D C:\Users\James\Desktop\Stuff 2015-06-09 14:12 - 2015-06-09 14:14 - 28512959 _____ C:\Users\James\Desktop\EDGE v2.6 [r1].rar 2015-06-08 18:26 - 2015-06-08 18:26 - 00000000 __SHD C:\ProgramData\SecuROM 2015-06-08 17:52 - 2015-06-08 17:52 - 00000000 ____D C:\Users\James\Documents\Bandicut 2015-06-08 17:51 - 2015-06-14 02:56 - 00000000 ____D C:\Program Files (x86)\Bandicut 2015-06-08 17:45 - 2015-06-14 02:56 - 00000000 ____D C:\Program Files (x86)\Bandicam 2015-06-08 17:45 - 2015-06-14 02:54 - 00000000 ____D C:\Users\James\AppData\Roaming\BANDISOFT 2015-06-08 17:45 - 2015-06-09 17:56 - 00000000 ____D C:\Users\James\Documents\Bandicam 2015-06-08 17:12 - 2015-06-09 18:02 - 00000000 ____D C:\Users\James\Downloads\Skins 2015-06-01 21:55 - 2015-06-09 18:05 - 00000000 ____D C:\Users\James\Desktop\Texmod 2015-05-29 23:29 - 2015-05-29 23:29 - 00000000 ____D C:\Users\James\Documents\ASUS 2015-05-29 23:29 - 2015-05-29 23:29 - 00000000 ____D C:\Users\James\AppData\Local\ASUS 2015-05-29 23:29 - 2015-05-29 23:29 - 00000000 ____D C:\ProgramData\ASUS 2015-05-29 23:20 - 2015-05-29 23:20 - 00000000 ____D C:\Users\James\AppData\Local\{87CF942A-CC76-4571-86F8-A4AEA8836C86} 2015-05-29 20:01 - 2015-05-29 20:01 - 00000000 ____D C:\Users\James\AppData\Local\{3C8496E7-4FF7-4AEE-821C-2B086C059A10} 2015-05-29 19:53 - 2015-05-29 19:53 - 00000000 ____D C:\Users\James\AppData\Local\{D9A29DAB-6469-4498-BB3F-7BD5604229F3} 2015-05-29 19:42 - 2015-05-29 19:42 - 00000000 ____D C:\Users\James\AppData\Local\{3E5478AF-D838-4903-93F0-845127670344} 2015-05-29 19:40 - 2015-05-29 19:40 - 00000000 ____D C:\Users\James\AppData\Local\{080CE036-9617-42B7-94FD-E658AEEEA8DA} 2015-05-29 19:35 - 2015-05-29 19:35 - 
00000000 ____D C:\Users\James\AppData\Local\{B18C1B99-034B-4673-831F-299A77510787} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-14 13:01 - 2015-02-12 22:22 - 00000000 ____D C:\Users\James 2015-06-14 12:56 - 2011-03-17 13:52 - 00677946 _____ C:\Windows\system32\perfh019.dat 2015-06-14 12:56 - 2011-03-17 13:52 - 00132446 _____ C:\Windows\system32\perfc019.dat 2015-06-14 12:56 - 2011-02-19 07:02 - 00357888 _____ C:\Windows\system32\perfh00D.dat 2015-06-14 12:56 - 2011-02-19 07:02 - 00069828 _____ C:\Windows\system32\perfc00D.dat 2015-06-14 12:56 - 2011-02-19 06:51 - 00389962 _____ C:\Windows\system32\prfh0404.dat 2015-06-14 12:56 - 2011-02-19 06:51 - 00107122 _____ C:\Windows\system32\prfc0404.dat 2015-06-14 12:56 - 2011-02-19 06:45 - 00681298 _____ C:\Windows\system32\prfh0816.dat 2015-06-14 12:56 - 2011-02-19 06:45 - 00134140 _____ C:\Windows\system32\prfc0816.dat 2015-06-14 12:56 - 2011-02-19 06:40 - 00692570 _____ C:\Windows\system32\perfh013.dat 2015-06-14 12:56 - 2011-02-19 06:40 - 00133162 _____ C:\Windows\system32\perfc013.dat 2015-06-14 12:56 - 2011-02-19 06:35 - 00691224 _____ C:\Windows\system32\perfh010.dat 2015-06-14 12:56 - 2011-02-19 06:35 - 00127560 _____ C:\Windows\system32\perfc010.dat 2015-06-14 12:56 - 2011-02-19 06:29 - 00696168 _____ C:\Windows\system32\perfh00C.dat 2015-06-14 12:56 - 2011-02-19 06:29 - 00130624 _____ C:\Windows\system32\perfc00C.dat 2015-06-14 12:56 - 2011-02-19 06:19 - 00695214 _____ C:\Windows\system32\perfh00A.dat 2015-06-14 12:56 - 2011-02-19 06:19 - 00137258 _____ C:\Windows\system32\perfc00A.dat 2015-06-14 12:55 - 2011-04-11 14:05 - 00438232 _____ C:\Windows\system32\perfh001.dat 2015-06-14 12:55 - 2011-04-11 14:05 - 00079718 _____ C:\Windows\system32\perfc001.dat 2015-06-14 12:55 - 2011-02-19 06:56 - 00552366 _____ C:\Windows\system32\perfh008.dat 2015-06-14 12:55 - 2011-02-19 06:56 - 00089474 _____ 
C:\Windows\system32\perfc008.dat 2015-06-14 12:55 - 2011-02-19 06:24 - 00652880 _____ C:\Windows\system32\perfh007.dat 2015-06-14 12:55 - 2011-02-19 06:24 - 00129608 _____ C:\Windows\system32\perfc007.dat 2015-06-14 12:55 - 2009-07-14 07:13 - 08503202 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-14 12:51 - 2009-07-14 06:45 - 00275208 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-14 03:09 - 2009-07-14 09:45 - 00000000 ____D C:\Windows\ShellNew 2015-06-14 03:08 - 2011-04-13 04:33 - 00000000 ____D C:\ProgramData\Partner 2015-06-14 03:08 - 2011-04-11 14:04 - 00000000 ____D C:\Windows\SysWOW64\Drivers\ar-SA 2015-06-14 03:08 - 2011-04-11 14:04 - 00000000 ____D C:\Windows\SysWOW64\ar 2015-06-14 03:08 - 2011-04-11 14:04 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA 2015-06-14 03:08 - 2011-04-11 14:04 - 00000000 ____D C:\Windows\system32\ar 2015-06-14 03:08 - 2011-04-11 14:04 - 00000000 ____D C:\Windows\ar-SA 2015-06-14 03:08 - 2011-02-19 06:51 - 00000000 ____D C:\Windows\system32\zh-CHT 2015-06-14 03:08 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-14 03:08 - 2009-07-14 09:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-06-14 03:08 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-06-14 03:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2015-06-14 03:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2015-06-14 03:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2015-06-14 03:08 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\rescache 2015-06-14 02:59 - 2011-02-19 06:18 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2015-06-14 02:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\winrm 2015-06-14 02:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\WCN 2015-06-14 02:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\winrm 2015-06-14 02:59 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\WCN 2015-06-14 02:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2015-06-14 02:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2015-06-14 02:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2015-06-14 02:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep 2015-06-14 02:58 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\slmgr 2015-06-14 02:58 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing 2015-06-14 02:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME 2015-06-14 02:57 - 2015-02-13 06:48 - 00000000 ____D C:\ProgramData\P4G 2015-06-14 02:57 - 2015-02-13 06:48 - 00000000 ____D C:\Program Files\P4G 2015-06-14 02:57 - 2015-02-13 06:45 - 00000000 ____D C:\Program Files\Elantech 2015-06-14 02:57 - 2015-02-13 06:43 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2015-06-14 02:57 - 2015-02-13 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center 2015-06-14 02:57 - 2015-02-13 06:41 - 00000000 ____D C:\Program Files\ATI 
Technologies 2015-06-14 02:57 - 2015-02-13 06:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-06-14 02:57 - 2015-02-13 06:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2015-06-14 02:57 - 2015-02-13 06:37 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite 2015-06-14 02:57 - 2015-02-13 06:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp 2015-06-14 02:57 - 2015-02-13 06:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-06-14 02:57 - 2015-02-12 22:25 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center 2015-06-14 02:57 - 2015-02-12 22:24 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-06-14 02:57 - 2015-02-12 22:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2015-06-14 02:57 - 2015-02-12 22:22 - 00000000 __RSD C:\Users\Public\Desktop\AsusTools 2015-06-14 02:57 - 2015-02-12 22:22 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-14 02:57 - 2015-02-12 22:22 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-14 02:57 - 2015-02-12 22:22 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-06-14 02:57 - 2011-04-13 04:51 - 00000000 ____D C:\ProgramData\Trend Micro 2015-06-14 02:57 - 2011-04-13 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\syncables 2015-06-14 02:57 - 2011-04-13 04:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park 2015-06-14 02:57 - 2011-04-13 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-06-14 02:57 - 2011-04-13 04:38 - 00000000 ___RD 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-06-14 02:57 - 2011-04-13 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-14 02:57 - 2011-04-13 04:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-14 02:57 - 2011-04-13 04:33 - 00000000 ____D C:\ProgramData\Nuance 2015-06-14 02:57 - 2011-04-13 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance 2015-06-14 02:57 - 2011-04-13 04:33 - 00000000 ____D C:\ProgramData\FLEXnet 2015-06-14 02:57 - 2011-04-13 04:33 - 00000000 ____D C:\Program Files (x86)\Nuance 2015-06-14 02:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2015-06-14 02:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2015-06-14 02:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-06-14 02:57 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-06-14 02:57 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-14 02:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-14 02:57 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System 2015-06-14 02:56 - 2015-05-05 21:05 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp 2015-06-14 02:56 - 2015-04-26 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-14 02:56 - 2015-04-26 16:39 - 00000000 ____D C:\Program Files\SmartTechnology 2015-06-14 02:56 - 2015-04-25 20:09 - 00000000 ____D C:\Program Files (x86)\Raptr 2015-06-14 02:56 - 2015-03-16 12:14 - 00000000 ____D C:\Program Files (x86)\MP4Joiner 2015-06-14 02:56 - 2015-03-15 17:05 - 00000000 ____D C:\Program Files (x86)\Torrent Video Cutter 2015-06-14 02:56 - 2015-03-03 00:18 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4 2015-06-14 02:56 - 2015-03-01 18:02 - 00000000 ____D C:\Program Files 
(x86)\VirtualDJ 2015-06-14 02:56 - 2015-02-20 11:57 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-14 02:56 - 2015-02-17 18:51 - 00000000 ____D C:\Program Files (x86)\UniDEEalssi 2015-06-14 02:56 - 2015-02-13 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-06-14 02:56 - 2015-02-13 10:44 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-14 02:56 - 2015-02-12 22:28 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-14 02:55 - 2015-04-19 12:38 - 00000000 ____D C:\Python34 2015-06-14 02:55 - 2015-03-16 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner 2015-06-14 02:55 - 2015-03-15 21:55 - 00000000 ____D C:\Program Files\WinRAR 2015-06-14 02:55 - 2015-03-15 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torrent Video Cutter 2015-06-14 02:55 - 2015-03-15 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSI TurboCAD V.8 2015-06-14 02:55 - 2015-03-11 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2015-06-14 02:55 - 2015-02-17 18:51 - 00000000 ____D C:\ProgramData\anfefmkjapkhlacadpjaolchoicljfpb 2015-06-14 02:55 - 2015-02-17 16:03 - 00000000 ____D C:\ProgramData\jfakoefifafieokkcieodbnlcbpdcbjj 2015-06-14 02:55 - 2015-02-14 12:57 - 00000000 ____D C:\Users\James\AppData\Local\AVG Web TuneUp 2015-06-14 02:55 - 2015-02-13 09:36 - 00000000 ____D C:\Users\James\AppData\Local\Apps\2.0 2015-06-14 02:55 - 2015-02-12 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-06-14 02:54 - 2015-04-26 18:54 - 00000000 ____D C:\Users\James\AppData\Roaming\Arc 2015-06-14 02:54 - 2015-04-25 20:09 - 00000000 ____D C:\Users\James\AppData\Roaming\Raptr 2015-06-14 02:54 - 2015-04-25 14:49 - 00000000 ____D C:\Users\James\AppData\Roaming\.technic 2015-06-14 02:54 - 2015-04-13 17:29 - 00000000 ____D C:\Users\James\AppData\Roaming\ftblauncher 2015-06-14 02:54 - 2015-03-20 
13:47 - 00000000 ____D C:\Users\James\Downloads\Florian 2015-06-14 02:54 - 2015-03-16 12:03 - 00000000 ____D C:\Users\James\AppData\Roaming\vlc 2015-06-14 02:54 - 2015-03-02 23:44 - 00000000 ____D C:\Users\James\Documents\Euro Truck Simulator 2 2015-06-14 02:54 - 2015-03-02 12:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-14 02:54 - 2015-02-13 10:44 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype 2015-06-14 02:53 - 2015-03-02 10:59 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-06-14 02:53 - 2015-03-02 10:59 - 00000000 ____D C:\Windows\system32\vbox 2015-06-14 02:53 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-14 02:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2015-06-14 02:36 - 2011-04-13 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-06-14 02:36 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr 2015-06-14 02:36 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts 2015-06-14 02:36 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Web 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Vss 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\spp 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Speech 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\IME 2015-06-14 02:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com 2015-06-14 02:34 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WindowsPowerShell 2015-06-14 02:34 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2015-06-14 02:33 - 2011-02-18 22:08 - 00000000 ____D C:\Windows\system32\SPReview 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spp 
2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Speech 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\SMI 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NetworkList 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Msdtc 2015-06-14 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\IME 2015-06-14 02:32 - 2011-02-18 21:48 - 00000000 ____D C:\Windows\system32\EventProviders 2015-06-14 02:30 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup 2015-06-14 02:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech 2015-06-14 02:29 - 2009-07-29 07:20 - 00000000 ____D C:\Windows\Log 2015-06-14 02:29 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance 2015-06-14 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security 2015-06-14 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\schemas 2015-06-14 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources 2015-06-14 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-14 02:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA 2015-06-14 02:28 - 2009-07-29 07:20 - 00000000 ____D C:\Windows\ASUS 2015-06-14 02:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help 2015-06-14 02:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Globalization 2015-06-14 02:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Branding 2015-06-14 02:27 - 2015-02-13 06:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-06-14 02:27 - 2015-02-13 06:55 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-06-14 02:27 - 2015-02-13 06:54 - 00000000 ____D C:\ProgramData\Temp 2015-06-14 02:27 - 2011-04-13 04:48 - 00000000 ____D C:\ProgramData\OberonGameConsole 2015-06-14 02:27 - 
2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-14 02:27 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-14 02:27 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-14 02:25 - 2015-02-13 06:54 - 00000000 ____D C:\ProgramData\CyberLink 2015-06-14 02:25 - 2015-02-13 06:49 - 00000000 ____D C:\Program Files\ASUS 2015-06-14 02:25 - 2015-02-13 06:41 - 00000000 ____D C:\Program Files\ATI 2015-06-14 02:25 - 2015-02-13 06:26 - 00000000 ____D C:\Program Files\Realtek 2015-06-14 02:25 - 2011-04-13 04:50 - 00000000 ____D C:\Program Files\Trend Micro 2015-06-14 02:25 - 2011-04-13 04:36 - 00000000 ____D C:\Program Files\Windows Live 2015-06-14 02:25 - 2011-04-13 04:33 - 00000000 ____D C:\ProgramData\Downloaded Installations 2015-06-14 02:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-06-14 02:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild 2015-06-14 02:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games 2015-06-14 02:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker 2015-06-14 02:25 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT 2015-06-14 02:25 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2015-06-14 02:25 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-06-14 02:24 - 2015-02-13 06:54 - 00000000 ____D C:\Program Files (x86)\CyberLink 2015-06-14 02:24 - 2015-02-13 06:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-06-14 02:24 - 2015-02-13 06:26 - 00000000 ____D C:\Program Files (x86)\Realtek 2015-06-14 02:24 - 2011-04-13 04:49 - 00000000 ____D C:\Program Files (x86)\syncables 2015-06-14 02:24 - 2011-04-13 04:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-06-14 
02:24 - 2011-04-13 04:38 - 00000000 ____D C:\Program Files (x86)\Windows Live 2015-06-14 02:24 - 2011-04-13 04:33 - 00000000 ____D C:\Program Files (x86)\Google 2015-06-14 02:24 - 2011-04-13 04:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-06-14 02:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-06-14 02:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-06-14 02:24 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files (x86)\Windows NT 2015-06-14 02:23 - 2015-02-13 07:13 - 00000000 ____D C:\eSupport 2015-06-14 02:23 - 2015-02-13 06:43 - 00000000 ____D C:\Program Files (x86)\AMD APP 2015-06-14 02:23 - 2015-02-13 06:34 - 00000000 ____D C:\Program Files (x86)\Atheros 2015-06-14 02:23 - 2011-04-13 04:49 - 00000000 ____D C:\AsusVibeData 2015-06-14 02:23 - 2011-04-13 04:47 - 00000000 ____D C:\Program Files (x86)\ASUS 2015-06-12 18:22 - 2015-02-22 19:46 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps 2015-06-09 15:17 - 2015-03-11 19:07 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-06-07 22:34 - 2015-03-12 00:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2015-06-07 21:36 - 2015-04-25 17:51 - 00000000 ___HD C:\Windows\msdownld.tmp 2015-05-29 19:35 - 2015-03-15 14:40 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live 2015-05-17 15:20 - 2015-04-28 20:57 - 00000000 ____D C:\Users\James\AppData\Roaming\SpinTires ==================== Files in the root of some directories ======= 2015-06-09 18:05 - 2015-06-09 18:05 - 0002131 _____ () C:\Users\James\AppData\Local\recently-used.xbel 2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2015-03-15 17:05 - 2015-03-15 17:05 - 0004875 _____ () C:\ProgramData\qupdvies.imb 2015-02-13 06:55 - 2015-02-13 06:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2015-02-13 06:54 - 2015-02-13 06:55 - 0000107 _____ () 
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 23:35 ==================== End of log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by James at 2015-06-14 13:06:41 Running from C:\Users\James\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-721324391-568460755-2307459731-500 - Administrator - Disabled) Guest (S-1-5-21-721324391-568460755-2307459731-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-721324391-568460755-2307459731-1003 - Limited - Enabled) James (S-1-5-21-721324391-568460755-2307459731-1002 - Administrator - Enabled) => C:\Users\James ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902} AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated) Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.) ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.) 
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.24 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.) ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - ) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS) Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Cooking Dash (HKLM-x32\...\Cooking Dash) (Version: - Oberon Media Inc.) 
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.) Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.) Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.) Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.) Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys ) syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables) Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.) Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) 
Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS) Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS) World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.) 
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 12-02-2015 22:25:10 Windows Update 12-02-2015 22:52:03 Installed AVG 2015 12-02-2015 22:55:53 Installed AVG 2015 15-02-2015 00:18:15 Installed DirectX 22-02-2015 18:34:05 Removed Nuance PDF Reader. 
28-02-2015 18:46:56 Installed DirectX 01-03-2015 17:59:19 Installed VirtualDJ 8 01-03-2015 23:46:49 Language Pack Removal 02-03-2015 10:46:46 Installed DirectX 02-03-2015 10:48:11 Removed AVG 2015 02-03-2015 10:56:29 Removed AVG 2015 02-03-2015 12:52:50 Windows Update 10-03-2015 15:54:56 Installed DirectX 10-03-2015 19:00:43 Installed DirectX 10-03-2015 19:06:51 Installed NVIDIA PhysX 10-03-2015 19:10:18 Installed DirectX 11-03-2015 19:05:05 Installiert Rockstar Games Social Club 11-03-2015 19:08:46 Installiert Grand Theft Auto IV 15-03-2015 14:04:10 TurboCAD V.8 wird installiert 17-03-2015 19:32:44 Installed DirectX 11-04-2015 16:54:19 Installed Ubisoft Game Launcher 11-04-2015 17:00:25 Installed DirectX 11-04-2015 17:06:25 Installed Microsoft Visual C++ 2005 Redistributable 19-04-2015 12:35:48 Installed Python 3.4.3 25-04-2015 17:15:42 Installed DirectX 25-04-2015 22:28:49 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 25-04-2015 22:32:26 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 26-04-2015 16:33:05 Device Driver Package Install: Mad Catz Mice and other pointing devices 26-04-2015 16:40:06 Device Driver Package Install: Mad Catz 26-04-2015 18:50:46 Installiert Arc 07-06-2015 21:54:04 Installiert Grand Theft Auto: Episodes From Liberty City 09-06-2015 15:13:50 Entfernt Grand Theft Auto: Episodes From Liberty City 09-06-2015 15:19:01 Installiert Grand Theft Auto: Episodes From Liberty City ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {02EFB5F4-6F68-4025-A67B-D835BFBFBF83} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {49D41B3C-089A-4926-9499-D6A0292FC5E9} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS) Task: {5678FCEB-994E-4607-A134-4A8F6E173343} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.) Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.) Task: {875773F3-870D-4CD9-9F06-E8A8C0B3A07C} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2010-12-18] (ASUSTek Computer Inc.) Task: {A2083E4E-B622-461F-9D54-02D657697E31} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {D8BEC956-A600-4D95-86DD-ECCE38DF7651} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-14 13:00 - 2015-06-14 12:59 - 00050477 _____ () C:\Users\James\Desktop\Defogger.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-721324391-568460755-2307459731-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869 FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900 FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353 FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182 ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 03:42:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 001 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (06/13/2015 03:42:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 001 language ID. The first DWORD in the Data section contains the Win32 error code. 
Error: (06/13/2015 01:27:20 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /wait; Description = avast! antivirus system restore point; Error = 0x800703fb). Error: (06/12/2015 06:42:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: wlanhlp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5be0d2 Exception code: 0xc0000005 Fault offset: 0x000007fef98989f0 Faulting process id: 0x1324 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (06/12/2015 06:22:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LaunchEFLC.exe, version: 0.1.0.8, time stamp: 0x00000000 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0003329d Faulting process id: 0xdb0 Faulting application start time: 0xLaunchEFLC.exe0 Faulting application path: LaunchEFLC.exe1 Faulting module path: LaunchEFLC.exe2 Report Id: LaunchEFLC.exe3 Error: (06/12/2015 05:49:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program TestDrive2.exe version 0.1.5.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 720 Start Time: 01d0a526dde81a7d Termination Time: 109 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Test Drive Unlimited 2\TestDrive2.exe Report Id: a36f4ec4-111a-11e5-b3ca-74de2bb7ace5 Error: (06/12/2015 05:45:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_Wlansvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: pcasvc.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5be01e Exception code: 0xc0000005 Fault offset: 0x000007fef9858945 Faulting process id: 0x6c Faulting application start time: 0xsvchost.exe_Wlansvc0 Faulting application path: svchost.exe_Wlansvc1 Faulting module path: svchost.exe_Wlansvc2 Report Id: svchost.exe_Wlansvc3 Error: (06/12/2015 05:44:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program TestDrive2.exe version 0.1.5.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8d8 Start Time: 01d0a525fbcb79bb Termination Time: 21734 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Test Drive Unlimited 2\TestDrive2.exe Report Id: cc072994-1119-11e5-b3ca-74de2bb7ace5 Error: (06/11/2015 10:54:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: EFLC.exe, version: 1.1.0.0, time stamp: 0x4b87a71e Faulting module name: EasyHook32.dll, version: 0.0.0.0, time stamp: 0x49b2707b Exception code: 0xc0000005 Fault offset: 0x0000cc2f Faulting process id: 0xa7c Faulting application start time: 0xEFLC.exe0 Faulting application path: EFLC.exe1 Faulting module path: EFLC.exe2 Report Id: EFLC.exe3 Error: (06/11/2015 09:46:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program main.exe version 4.2.45.0 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12a8 Start Time: 01d0a46387bc6bc0 Termination Time: 26 Application Path: C:\Program Files (x86)\Razer\Razer Game Booster\main.exe Report Id: System errors: ============= Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:54:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:54:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) 
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:54:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (06/14/2015 00:54:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office: ========================= Error: (06/13/2015 03:42:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: 0018020000002D010000 Error: (06/13/2015 03:42:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY) Description: 001120200000000000000AF000000 Error: (06/13/2015 01:27:20 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /waitavast! 
antivirus system restore point0x800703fb Error: (06/12/2015 06:42:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc3c1wlanhlp.dll_unloaded0.0.0.04a5be0d2c0000005000007fef98989f0132401d0a527020356a4C:\Windows\System32\svchost.exewlanhlp.dll03494c28-1122-11e5-b3ca-74de2bb7ace5 Error: (06/12/2015 06:22:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LaunchEFLC.exe0.1.0.800000000ntdll.dll6.1.7601.175144ce7ba58c00000050003329ddb001d0a52bdaec5899C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exeC:\Windows\SysWOW64\ntdll.dll2872a57d-111f-11e5-b3ca-74de2bb7ace5 Error: (06/12/2015 05:49:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: TestDrive2.exe0.1.5.172001d0a526dde81a7d109C:\Program Files (x86)\Steam\steamapps\common\Test Drive Unlimited 2\TestDrive2.exea36f4ec4-111a-11e5-b3ca-74de2bb7ace5 Error: (06/12/2015 05:45:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_Wlansvc6.1.7600.163854a5bc3c1pcasvc.dll_unloaded0.0.0.04a5be01ec0000005000007fef98589456c01d0a522924dc03bC:\Windows\System32\svchost.exepcasvc.dll01881511-111a-11e5-b3ca-74de2bb7ace5 Error: (06/12/2015 05:44:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: TestDrive2.exe0.1.5.18d801d0a525fbcb79bb21734C:\Program Files (x86)\Steam\steamapps\common\Test Drive Unlimited 2\TestDrive2.execc072994-1119-11e5-b3ca-74de2bb7ace5 Error: (06/11/2015 10:54:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: EFLC.exe1.1.0.04b87a71eEasyHook32.dll0.0.0.049b2707bc00000050000cc2fa7c01d0a48505d63885C:\Program Files (x86)\Rockstar Games\EFLC\EFLC.exeC:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll118fc578-107c-11e5-b0d8-74de2bb7ace5 Error: (06/11/2015 09:46:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: main.exe4.2.45.012a801d0a46387bc6bc026C:\Program Files (x86)\Razer\Razer Game Booster\main.exe 
==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 91%
Total physical RAM: 255.61 MB
Available physical RAM: 22.93 MB
Total Pagefile: 1279.61 MB
Available Pagefile: 735.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:193.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EFLC_DISC1) (CDROM) (Total:7.72 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

==================== End of log ============================

GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-14 13:41:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 ST950032 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\James\AppData\Local\Temp\fgloypow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075562da4 5 bytes JMP 0000000173399884
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007557cbf3 5 bytes JMP 00000001734e590f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007557cfca 5 bytes JMP 00000001732f15bb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007559cb0c 5 bytes JMP 00000001734e58aa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007559ce64 5 bytes JMP 00000001734e5974
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000755afbd1 5 bytes JMP 00000001734e5831
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000755afc9d 5 bytes JMP 00000001734e57b8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000755afcd6 5 bytes JMP 00000001734e5754
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1268] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000755afcfa 5 bytes JMP 00000001734e56f0

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\services.exe [436:552] 000007fefcbe94c4
Thread C:\Windows\System32\svchost.exe [692:716] 000007fefc7adc50
Thread C:\Windows\System32\svchost.exe [692:720] 000007fefc7c28b0
Thread C:\Windows\System32\svchost.exe [692:868] 000007fefc515440
Thread C:\Windows\System32\svchost.exe [692:1556] 000007fefc7ad604
Thread C:\Windows\System32\svchost.exe [692:1560] 000007fefc7ad604
Thread C:\Windows\System32\svchost.exe [692:1564] 000007fefc7ad604
Thread C:\Windows\system32\svchost.exe [728:1544] 000007fef792506c
Thread C:\Windows\system32\svchost.exe [972:1012] 000007fefd291a70
Thread C:\Windows\system32\svchost.exe [972:1016] 000007fefd291a70
Thread C:\Windows\system32\svchost.exe [972:112] 000007fefd291a70
Thread C:\Windows\system32\svchost.exe [972:272] 000007fefbce2c70
Thread C:\Windows\system32\svchost.exe [972:344] 000007fefbcefb40
Thread C:\Windows\system32\svchost.exe [972:280] 000007fefbd01d20
Thread C:\Windows\system32\svchost.exe [972:424] 000007fefbcef6f0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bb7ace5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bb7ace5 (not active ControlSet)

---- EOF - GMER 2.1 ----

Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:01 on 14/06/2015 (James) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14.06.2015 Scan Time: 14:03:36 Logfile: MBAM.txt Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.06.13.02 Rootkit Database: v2015.06.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: James Scan Type: Threat Scan Result: Completed Objects Scanned: 354471 Time Elapsed: 4 hr, 55 min, 5 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Best regards, Ralican |
14.06.2015, 05:40 | #2 |
/// the machine /// TB trainer | Windows7: BSOD with error message 0x00000074 hi,
Please download BlueScreenView and install it: BlueScreenView - Download - Filepony. Open it and let it analyze the most recent dump (the tool does this automatically). Post the output here. |
14.06.2015, 14:50 | #3 |
| Windows7: BSOD with error message 0x00000074 Hi schrauber,
here is the most recent dump analysis. Thanks in advance. Best regards, Ralican BlueScreenView Code:
ATTFilter ================================================== Dump File : 061515-50700-01.dmp Crash Time : 14.06.2015 21:25:15 Bug Check String : BAD_SYSTEM_CONFIG_INFO Bug Check Code : 0x00000074 Parameter 1 : 00000000`00000002 Parameter 2 : fffff880`02e29b20 Parameter 3 : 00000000`00000002 Parameter 4 : ffffffff`c000009a Caused By Driver : ntoskrnl.exe Caused By Address : ntoskrnl.exe+80640 File Description : NT Kernel & System Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850) Processor : x64 Crash Address : ntoskrnl.exe+80640 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\061515-50700-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 269.808 Dump File Time : 15.06.2015 14:25:27 ================================================== |
15.06.2015, 06:23 | #4 |
/// the machine /// TB trainer | Windows7: BSOD with error message 0x00000074
regards, schrauber Proud Member of UNITE and ASAP since 2009. No help via PM! |
15.06.2015, 18:19 | #5 |
| Windows7: BSOD with error message 0x00000074 Hello schrauber, I got as far as the restart; while booting, the computer bailed out with the BSOD after a while. What now? Regards, Ralican |
16.06.2015, 15:37 | #6 |
/// the machine /// TB trainer | Windows7: BSOD with error message 0x00000074 Press F8 during boot, as if you wanted to enter Safe Mode. Choose "Last Known Good Configuration". Does that work? |
16.06.2015, 17:34 | #7 |
| Windows7: BSOD with error message 0x00000074 Hi, no, unfortunately that doesn't work either. Regards, Ralican |
17.06.2015, 15:53 | #8 |
/// the machine /// TB trainer | Windows7: BSOD with error message 0x00000074 hi, then from outside: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
regards, schrauber |
18.06.2015, 12:03 | #9 |
| Windows7: BSOD with error message 0x00000074 Hi schrauber, here is the new FRST scan Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by SYSTEM on MININT-BDNQ2VI on 19-06-2015 13:55:59 Running from E:\ Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-28] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.) HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-12] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS) HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKU\James\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe [232912 2011-04-12] (Adobe Systems, Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) 
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-13] (Malwarebytes Corporation) S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-13] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-13] (Malwarebytes Corporation) S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-16 06:41 - 2015-06-16 06:41 - 00016184 ____N C:\bootsqm.dat 2015-06-16 05:14 - 2015-06-16 05:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JAMES-PC-Windows-7-Home-Premium-(64-bit).dat 2015-06-16 05:13 - 2015-06-16 05:13 - 00000000 ____D C:\RegBackup 2015-06-16 03:10 - 2015-06-16 03:10 - 00002161 _____ C:\Users\James\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2015-06-16 03:09 - 2015-06-16 03:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-06-16 03:02 - 2015-06-16 03:02 - 12840520 _____ C:\Users\James\Downloads\tweaking.com_windows_repair_aio_setup.exe 2015-06-16 02:52 - 2015-06-16 02:52 - 00269808 _____ C:\Windows\Minidump\061615-49935-01.dmp 2015-06-15 04:38 - 2015-06-15 04:38 - 00002110 _____ C:\Users\James\Desktop\BlueScreenView Dump.txt 2015-06-15 04:34 - 2015-06-15 04:37 - 00000000 ____D C:\Users\James\Downloads\bluescreenview_v1.55 2015-06-15 04:31 - 2015-06-15 04:32 - 00067310 _____ C:\Users\James\Downloads\bluescreenview_v1.55.zip 2015-06-15 04:25 - 2015-06-15 04:25 - 00269808 _____ C:\Windows\Minidump\061515-50700-01.dmp 2015-06-14 09:36 - 2015-06-14 09:36 - 00001061 _____ C:\Users\James\Desktop\MBAM.txt 2015-06-14 05:38 - 2015-06-14 05:38 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-06-14 04:02 - 2015-06-14 04:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2015-06-14 03:59 - 2015-06-14 03:59 - 00001104 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-14 03:59 - 2015-04-13 23:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2015-06-14 03:59 - 2015-04-13 23:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2015-06-14 03:59 - 2015-04-13 23:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2015-06-14 03:58 - 2015-06-14 03:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-14 03:58 
- 2015-06-14 03:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-14 03:57 - 2015-06-14 03:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-14 03:41 - 2015-06-14 03:41 - 00004576 _____ C:\Users\James\Desktop\Gmer.log 2015-06-14 03:13 - 2015-06-14 03:13 - 00380416 _____ C:\Users\James\Desktop\Gmer-19357.exe 2015-06-14 03:06 - 2015-06-14 03:07 - 00027509 _____ C:\Users\James\Downloads\Addition.txt 2015-06-14 03:03 - 2015-06-14 03:07 - 00037527 _____ C:\Users\James\Downloads\FRST.txt 2015-06-14 03:02 - 2015-06-19 13:55 - 00000000 ____D C:\FRST 2015-06-14 03:02 - 2015-06-14 03:02 - 02108928 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe 2015-06-14 03:01 - 2015-06-14 03:01 - 00000472 _____ C:\Users\James\Desktop\defogger_disable.log 2015-06-14 03:01 - 2015-06-14 03:01 - 00000000 _____ C:\Users\James\defogger_reenable 2015-06-14 03:00 - 2015-06-14 02:59 - 00050477 _____ C:\Users\James\Desktop\Defogger.exe 2015-06-14 02:59 - 2015-06-14 02:59 - 00050477 _____ C:\Users\James\Downloads\Defogger.exe 2015-06-14 00:31 - 2015-06-14 00:32 - 00269808 _____ C:\Windows\Minidump\061415-123209-01.dmp 2015-06-14 00:30 - 2015-06-19 02:19 - 118921680 _____ C:\Windows\MEMORY.DMP 2015-06-13 05:38 - 2015-06-16 02:52 - 00000000 ____D C:\Windows\Minidump 2015-06-11 12:03 - 2015-06-11 12:03 - 00000000 ____D C:\Users\James\AppData\Roaming\Blender Foundation 2015-06-11 12:02 - 2015-06-11 13:12 - 00000000 ____D C:\Users\James\Downloads\Fiddelroom 2015-06-11 12:00 - 2015-06-11 12:00 - 67023692 _____ C:\Users\James\Downloads\DreamMotionTemplate17.blend 2015-06-11 11:58 - 2015-06-11 12:00 - 21732709 _____ C:\Users\James\Downloads\Fiddelroom.rar 2015-06-11 11:57 - 2015-06-11 12:00 - 70585180 _____ C:\Users\James\Downloads\intro template #3.blend 2015-06-11 11:57 - 2015-06-11 11:57 - 00000000 ____D C:\Program Files\Blender Foundation 2015-06-09 08:05 - 2015-06-09 08:05 - 00002131 _____ C:\Users\James\AppData\Local\recently-used.xbel 
2015-06-09 08:01 - 2015-06-11 12:01 - 00000000 ____D C:\Users\James\.thumbnails 2015-06-09 07:51 - 2015-06-09 08:07 - 00000000 ____D C:\Users\James\.gimp-2.8 2015-06-09 07:51 - 2015-06-09 07:51 - 00000000 ____D C:\Users\James\AppData\Local\gegl-0.2 2015-06-09 07:49 - 2015-06-12 19:26 - 00000000 ____D C:\Program Files\GIMP 2 2015-06-09 07:36 - 2015-06-09 07:59 - 00000000 ____D C:\Users\James\Desktop\Out 2015-06-09 04:46 - 2008-11-01 13:52 - 00049208 ____R C:\Users\James\Desktop\logo-paul.bmp 2015-06-09 04:16 - 2015-06-13 16:54 - 00000000 ____D C:\Users\James\Desktop\Games 2015-06-09 04:14 - 2015-06-13 16:54 - 00000000 ____D C:\Users\James\Desktop\Stuff 2015-06-09 04:12 - 2015-06-09 04:14 - 28512959 _____ C:\Users\James\Desktop\EDGE v2.6 [r1].rar 2015-06-08 08:26 - 2015-06-08 08:26 - 00000000 __SHD C:\ProgramData\SecuROM 2015-06-08 07:52 - 2015-06-08 07:52 - 00000000 ____D C:\Users\James\Documents\Bandicut 2015-06-08 07:51 - 2015-06-13 16:56 - 00000000 ____D C:\Program Files (x86)\Bandicut 2015-06-08 07:45 - 2015-06-13 16:56 - 00000000 ____D C:\Program Files (x86)\Bandicam 2015-06-08 07:45 - 2015-06-13 16:54 - 00000000 ____D C:\Users\James\AppData\Roaming\BANDISOFT 2015-06-08 07:45 - 2015-06-09 07:56 - 00000000 ____D C:\Users\James\Documents\Bandicam 2015-06-08 07:12 - 2015-06-09 08:02 - 00000000 ____D C:\Users\James\Downloads\Skins 2015-06-01 11:55 - 2015-06-09 08:05 - 00000000 ____D C:\Users\James\Desktop\Texmod 2015-05-29 13:29 - 2015-05-29 13:29 - 00000000 ____D C:\Users\James\Documents\ASUS 2015-05-29 13:29 - 2015-05-29 13:29 - 00000000 ____D C:\Users\James\AppData\Local\ASUS 2015-05-29 13:29 - 2015-05-29 13:29 - 00000000 ____D C:\ProgramData\ASUS 2015-05-29 13:20 - 2015-05-29 13:20 - 00000000 ____D C:\Users\James\AppData\Local\{87CF942A-CC76-4571-86F8-A4AEA8836C86} 2015-05-29 10:01 - 2015-05-29 10:01 - 00000000 ____D C:\Users\James\AppData\Local\{3C8496E7-4FF7-4AEE-821C-2B086C059A10} 2015-05-29 09:53 - 2015-05-29 09:53 - 00000000 ____D 
C:\Users\James\AppData\Local\{D9A29DAB-6469-4498-BB3F-7BD5604229F3} 2015-05-29 09:42 - 2015-05-29 09:42 - 00000000 ____D C:\Users\James\AppData\Local\{3E5478AF-D838-4903-93F0-845127670344} 2015-05-29 09:40 - 2015-05-29 09:40 - 00000000 ____D C:\Users\James\AppData\Local\{080CE036-9617-42B7-94FD-E658AEEEA8DA} 2015-05-29 09:35 - 2015-05-29 09:35 - 00000000 ____D C:\Users\James\AppData\Local\{B18C1B99-034B-4673-831F-299A77510787} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-19 02:19 - 2011-04-12 17:39 - 00127660 _____ C:\Windows\PFRO.log 2015-06-16 06:18 - 2011-04-11 04:05 - 00607000 _____ C:\Windows\System32\perfh001.dat 2015-06-16 06:18 - 2011-04-11 04:05 - 00113854 _____ C:\Windows\System32\perfc001.dat 2015-06-16 06:18 - 2011-03-17 03:52 - 00674170 _____ C:\Windows\System32\perfh019.dat 2015-06-16 06:18 - 2011-03-17 03:52 - 00128670 _____ C:\Windows\System32\perfc019.dat 2015-06-16 06:18 - 2011-02-18 21:02 - 00526656 _____ C:\Windows\System32\perfh00D.dat 2015-06-16 06:18 - 2011-02-18 21:02 - 00103964 _____ C:\Windows\System32\perfc00D.dat 2015-06-16 06:18 - 2011-02-18 20:56 - 00721134 _____ C:\Windows\System32\perfh008.dat 2015-06-16 06:18 - 2011-02-18 20:56 - 00123610 _____ C:\Windows\System32\perfc008.dat 2015-06-16 06:18 - 2011-02-18 20:51 - 00354840 _____ C:\Windows\System32\prfh0404.dat 2015-06-16 06:18 - 2011-02-18 20:51 - 00103348 _____ C:\Windows\System32\prfc0404.dat 2015-06-16 06:18 - 2011-02-18 20:45 - 00682732 _____ C:\Windows\System32\prfh0816.dat 2015-06-16 06:18 - 2011-02-18 20:45 - 00131588 _____ C:\Windows\System32\prfc0816.dat 2015-06-16 06:18 - 2011-02-18 20:40 - 00688794 _____ C:\Windows\System32\perfh013.dat 2015-06-16 06:18 - 2011-02-18 20:40 - 00129386 _____ C:\Windows\System32\perfc013.dat 2015-06-16 06:18 - 2011-02-18 20:35 - 00687448 _____ C:\Windows\System32\perfh010.dat 2015-06-16 06:18 - 2011-02-18 20:35 - 00123784 _____ 
C:\Windows\System32\perfc010.dat 2015-06-16 06:18 - 2011-02-18 20:29 - 00692392 _____ C:\Windows\System32\perfh00C.dat 2015-06-16 06:18 - 2011-02-18 20:29 - 00126848 _____ C:\Windows\System32\perfc00C.dat 2015-06-16 06:18 - 2011-02-18 20:24 - 00640974 _____ C:\Windows\System32\perfh007.dat 2015-06-16 06:18 - 2011-02-18 20:24 - 00125706 _____ C:\Windows\System32\perfc007.dat 2015-06-16 06:18 - 2011-02-18 20:19 - 00691438 _____ C:\Windows\System32\perfh00A.dat 2015-06-16 06:18 - 2011-02-18 20:19 - 00133482 _____ C:\Windows\System32\perfc00A.dat 2015-06-16 06:09 - 2009-07-13 18:34 - 00000439 _____ C:\Windows\win.ini 2015-06-16 05:42 - 2009-07-13 21:13 - 08503202 _____ C:\Windows\System32\PerfStringBackup.INI 2015-06-14 05:38 - 2009-07-13 20:51 - 00052455 _____ C:\Windows\setupact.log 2015-06-14 03:01 - 2015-02-12 12:22 - 00000000 ____D C:\users\James 2015-06-14 02:51 - 2009-07-13 20:45 - 00275208 _____ C:\Windows\System32\FNTCACHE.DAT 2015-06-13 17:09 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew 2015-06-13 17:08 - 2011-04-12 18:33 - 00000000 ____D C:\ProgramData\Partner 2015-06-13 17:08 - 2011-04-11 04:04 - 00000000 ____D C:\Windows\SysWOW64\Drivers\ar-SA 2015-06-13 17:08 - 2011-04-11 04:04 - 00000000 ____D C:\Windows\SysWOW64\ar 2015-06-13 17:08 - 2011-04-11 04:04 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA 2015-06-13 17:08 - 2011-04-11 04:04 - 00000000 ____D C:\Windows\System32\ar 2015-06-13 17:08 - 2011-04-11 04:04 - 00000000 ____D C:\Windows\ar-SA 2015-06-13 17:08 - 2011-02-18 20:51 - 00000000 ____D C:\Windows\System32\zh-CHT 2015-06-13 17:08 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-13 17:08 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-06-13 17:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2015-06-13 17:08 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-06-13 17:08 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media 2015-06-13 
17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2015-06-13 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2015-06-13 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\he-IL 2015-06-13 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA 2015-06-13 17:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2015-06-13 16:59 - 2011-02-18 20:18 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2015-06-13 16:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\winrm 2015-06-13 16:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\WCN 2015-06-13 16:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\winrm 2015-06-13 16:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\WCN 2015-06-13 16:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI 2015-06-13 16:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz 2015-06-13 16:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2015-06-13 16:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep 2015-06-13 16:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\slmgr 2015-06-13 16:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing 2015-06-13 16:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME 2015-06-13 16:57 - 2015-02-12 20:48 - 00000000 ____D C:\ProgramData\P4G 2015-06-13 16:57 - 2015-02-12 20:48 - 00000000 ____D C:\Program Files\P4G 2015-06-13 16:57 - 2015-02-12 20:45 - 00000000 ____D 
C:\Program Files\Elantech 2015-06-13 16:57 - 2015-02-12 20:43 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2015-06-13 16:57 - 2015-02-12 20:41 - 00000000 ____D C:\Program Files\ATI Technologies 2015-06-13 16:57 - 2015-02-12 20:41 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2015-06-13 16:57 - 2015-02-12 20:37 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite 2015-06-13 16:57 - 2015-02-12 12:22 - 00000000 __RSD C:\Users\Public\Desktop\AsusTools 2015-06-13 16:57 - 2011-04-12 18:51 - 00000000 ____D C:\ProgramData\Trend Micro 2015-06-13 16:57 - 2011-04-12 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-13 16:57 - 2011-04-12 18:33 - 00000000 ____D C:\ProgramData\Nuance 2015-06-13 16:57 - 2011-04-12 18:33 - 00000000 ____D C:\ProgramData\FLEXnet 2015-06-13 16:57 - 2011-04-12 18:33 - 00000000 ____D C:\Program Files (x86)\Nuance 2015-06-13 16:57 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2015-06-13 16:57 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2015-06-13 16:57 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-06-13 16:57 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-06-13 16:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-13 16:57 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System 2015-06-13 16:56 - 2015-05-05 11:05 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp 2015-06-13 16:56 - 2015-04-26 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-13 16:56 - 2015-04-26 06:39 - 00000000 ____D C:\Program Files\SmartTechnology 2015-06-13 16:56 - 2015-04-25 10:09 - 00000000 ____D C:\Program Files (x86)\Raptr 2015-06-13 16:56 - 2015-03-16 02:14 - 00000000 ____D C:\Program Files (x86)\MP4Joiner 2015-06-13 16:56 - 2015-03-15 07:05 - 00000000 ____D C:\Program Files (x86)\Torrent Video Cutter 2015-06-13 16:56 - 2015-03-02 14:18 
- 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4 2015-06-13 16:56 - 2015-03-01 08:02 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2015-06-13 16:56 - 2015-02-20 01:57 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-13 16:56 - 2015-02-17 08:51 - 00000000 ____D C:\Program Files (x86)\UniDEEalssi 2015-06-13 16:56 - 2015-02-13 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-06-13 16:56 - 2015-02-13 00:44 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-13 16:56 - 2015-02-12 12:28 - 00000000 ____D C:\Program Files (x86)\Steam 2015-06-13 16:55 - 2015-04-19 02:38 - 00000000 ____D C:\Python34 2015-06-13 16:55 - 2015-03-15 11:55 - 00000000 ____D C:\Program Files\WinRAR 2015-06-13 16:55 - 2015-02-17 08:51 - 00000000 ____D C:\ProgramData\anfefmkjapkhlacadpjaolchoicljfpb 2015-06-13 16:55 - 2015-02-17 06:03 - 00000000 ____D C:\ProgramData\jfakoefifafieokkcieodbnlcbpdcbjj 2015-06-13 16:55 - 2015-02-14 02:57 - 00000000 ____D C:\Users\James\AppData\Local\AVG Web TuneUp 2015-06-13 16:55 - 2015-02-12 23:36 - 00000000 ____D C:\Users\James\AppData\Local\Apps\2.0 2015-06-13 16:54 - 2015-04-26 08:54 - 00000000 ____D C:\Users\James\AppData\Roaming\Arc 2015-06-13 16:54 - 2015-04-25 10:09 - 00000000 ____D C:\Users\James\AppData\Roaming\Raptr 2015-06-13 16:54 - 2015-04-25 04:49 - 00000000 ____D C:\Users\James\AppData\Roaming\.technic 2015-06-13 16:54 - 2015-04-13 07:29 - 00000000 ____D C:\Users\James\AppData\Roaming\ftblauncher 2015-06-13 16:54 - 2015-03-20 03:47 - 00000000 ____D C:\Users\James\Downloads\Florian 2015-06-13 16:54 - 2015-03-16 02:03 - 00000000 ____D C:\Users\James\AppData\Roaming\vlc 2015-06-13 16:54 - 2015-03-02 13:44 - 00000000 ____D C:\Users\James\Documents\Euro Truck Simulator 2 2015-06-13 16:54 - 2015-02-13 00:44 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype 2015-06-13 16:53 - 2015-03-02 00:59 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-06-13 16:53 - 2015-03-02 00:59 - 00000000 ____D 
C:\Windows\System32\vbox 2015-06-13 16:53 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-13 16:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2015-06-13 16:36 - 2011-04-12 18:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-06-13 16:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr 2015-06-13 16:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts 2015-06-13 16:36 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Web 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spp 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\IME 2015-06-13 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com 2015-06-13 16:34 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell 2015-06-13 16:34 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns 2015-06-13 16:33 - 2011-02-18 12:08 - 00000000 ____D C:\Windows\System32\SPReview 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Speech 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NetworkList 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc 2015-06-13 16:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\IME 2015-06-13 16:32 - 2011-02-18 11:48 - 00000000 ____D C:\Windows\System32\EventProviders 2015-06-13 16:30 - 2009-07-13 
20:45 - 00000000 ____D C:\Windows\Setup 2015-06-13 16:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech 2015-06-13 16:29 - 2009-07-28 21:20 - 00000000 ____D C:\Windows\Log 2015-06-13 16:29 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Performance 2015-06-13 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security 2015-06-13 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas 2015-06-13 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources 2015-06-13 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-13 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA 2015-06-13 16:28 - 2009-07-28 21:20 - 00000000 ____D C:\Windows\ASUS 2015-06-13 16:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2015-06-13 16:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization 2015-06-13 16:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding 2015-06-13 16:27 - 2015-02-12 20:54 - 00000000 ____D C:\ProgramData\Temp 2015-06-13 16:27 - 2011-04-12 18:48 - 00000000 ____D C:\ProgramData\OberonGameConsole 2015-06-13 16:27 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default 2015-06-13 16:25 - 2015-02-12 20:54 - 00000000 ____D C:\ProgramData\CyberLink 2015-06-13 16:25 - 2015-02-12 20:49 - 00000000 ____D C:\Program Files\ASUS 2015-06-13 16:25 - 2015-02-12 20:41 - 00000000 ____D C:\Program Files\ATI 2015-06-13 16:25 - 2015-02-12 20:26 - 00000000 ____D C:\Program Files\Realtek 2015-06-13 16:25 - 2011-04-12 18:50 - 00000000 ____D C:\Program Files\Trend Micro 2015-06-13 16:25 - 2011-04-12 18:36 - 00000000 ____D C:\Program Files\Windows Live 2015-06-13 16:25 - 2011-04-12 18:33 - 00000000 ____D C:\ProgramData\Downloaded Installations 2015-06-13 16:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-06-13 16:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\MSBuild 2015-06-13 16:25 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games 2015-06-13 16:25 - 2009-07-13 21:32 - 
00000000 ____D C:\Program Files\DVD Maker
2015-06-13 16:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Windows NT
2015-06-13 16:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-06-13 16:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-13 16:24 - 2015-02-12 20:54 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-06-13 16:24 - 2015-02-12 20:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-13 16:24 - 2015-02-12 20:26 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-13 16:24 - 2011-04-12 18:49 - 00000000 ____D C:\Program Files (x86)\syncables
2015-06-13 16:24 - 2011-04-12 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-13 16:24 - 2011-04-12 18:38 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-13 16:24 - 2011-04-12 18:33 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-13 16:24 - 2011-04-12 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-13 16:24 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-13 16:24 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-13 16:24 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-06-13 16:23 - 2015-02-12 21:13 - 00000000 ____D C:\eSupport
2015-06-13 16:23 - 2015-02-12 20:43 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-06-13 16:23 - 2015-02-12 20:34 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-06-13 16:23 - 2011-04-12 18:49 - 00000000 ____D C:\AsusVibeData
2015-06-13 16:23 - 2011-04-12 18:47 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-06-12 08:22 - 2015-02-22 09:46 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2015-06-09 05:17 - 2015-03-11 09:07 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-07 12:34 - 2015-03-11 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-06-07 11:36 - 2015-04-25 07:51 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-05-29 09:35 - 2015-03-15 04:40 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================
Restore point made on: 2015-02-12 12:26:32
Restore point made on: 2015-02-12 12:54:25
Restore point made on: 2015-02-12 12:59:06
Restore point made on: 2015-02-14 14:20:43
Restore point made on: 2015-02-22 08:36:02
Restore point made on: 2015-02-28 08:49:01
Restore point made on: 2015-03-01 08:01:49
Restore point made on: 2015-03-01 13:49:23
Restore point made on: 2015-03-02 00:48:51
Restore point made on: 2015-03-02 00:53:04
Restore point made on: 2015-03-02 00:58:19
Restore point made on: 2015-03-02 01:00:23
Restore point made on: 2015-03-02 02:54:55
Restore point made on: 2015-03-02 03:23:59
Restore point made on: 2015-03-02 03:56:05
Restore point made on: 2015-03-10 05:57:33
Restore point made on: 2015-03-10 09:03:15
Restore point made on: 2015-03-10 09:08:22
Restore point made on: 2015-03-10 09:11:52
Restore point made on: 2015-03-11 09:07:03
Restore point made on: 2015-03-11 09:10:28
Restore point made on: 2015-03-15 04:05:57
Restore point made on: 2015-03-17 09:34:26
Restore point made on: 2015-04-11 06:59:22
Restore point made on: 2015-04-11 07:02:05
Restore point made on: 2015-04-11 07:07:47
Restore point made on: 2015-04-19 02:37:43
Restore point made on: 2015-04-25 07:17:38
Restore point made on: 2015-04-25 12:31:43
Restore point made on: 2015-04-25 12:35:28
Restore point made on: 2015-04-26 06:35:21
Restore point made on: 2015-04-26 06:41:45
Restore point made on: 2015-04-26 08:52:58
Restore point made on: 2015-06-07 11:56:14
Restore point made on: 2015-06-09 05:15:39
Restore point made on: 2015-06-09 05:20:21

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8171.71 MB
Available physical RAM: 7430.82 MB
Total Pagefile: 8169.86 MB
Available Pagefile: 7412.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:193.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EFLC_DISC1) (CDROM) (Total:7.72 GB) (Free:0 GB) UDF
Drive e: (RAM DRIVE) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

LastRegBack: 2015-06-13 13:35

==================== End of log ============================
Ralican |
19.06.2015, 07:11 | #10 |
/// the machine /// TB Trainer | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter LastRegBack: 2015-06-13 13:35
The tool creates a Fixlog.txt on your USB stick. Please post the contents here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
19.06.2015, 10:38 | #11 |
| Hi, here is the Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by James at 2015-06-20 12:33:19 Run:1
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
LastRegBack: 2015-06-13 13:35
*****************
LastRegBack: 2015-06-13 13:35 => Error: The restore operation should be done in the recovery mode.
==== End of Fixlog 12:33:19 ====
Ralican |
20.06.2015, 07:17 | #12 |
/// the machine /// TB Trainer | You do have to run the fix in Recovery
__________________ Regards, schrauber |
20.06.2015, 16:24 | #13 |
| Hi schrauber, I hope this is the right Fixlog.txt now Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by SYSTEM at 2015-06-21 18:19:42 Run:3
Running from D:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
LastRegBack: 2015-06-13 13:35
*****************
DEFAULT hive copied successfully to System32\config\HiveBackup
DEFAULT hive restored successfully from registry back up.
SAM hive copied successfully to System32\config\HiveBackup
SAM hive restored successfully from registry back up.
SECURITY hive copied successfully to System32\config\HiveBackup
SECURITY hive restored successfully from registry back up.
SOFTWARE hive copied successfully to System32\config\HiveBackup
SOFTWARE hive restored successfully from registry back up.
SYSTEM hive copied successfully to System32\config\HiveBackup
SYSTEM hive restored successfully from registry back up.
==== End of Fixlog 18:20:01 ====
Ralican |
21.06.2015, 09:31 | #14 |
/// the machine /// TB Trainer | Does the computer start normally now?
__________________ Regards, schrauber |
21.06.2015, 11:51 | #15 |
| Hi, the computer starts normally at first, but booting took quite a long time. Then I saw my normal desktop........ after quite a while, a black screen with the loading symbol next to the mouse, and after that nothing more happened. I switched the computer off and started it again, and then the BSOD came back. Regards, Ralican Last edited by Ralican (21.06.2015 at 12:33) |